Cliché alert! Sometimes life imitates art and truth is stranger than (science) fiction.

In the classic movie Spaceballs, when Lord Dark Helmet discovers King Roland's insecure password he screams, “the combination is 12345? That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!”

You would think that 25+ years later we would have learned our lesson, but unfortunately we haven’t.

According to a recent Splashdata study, the most common computer password of 2013 was “123456”. Our old friend “12345” was the 20th most popular password, accompanied by timeless hits such as “letmein”, “iloveyou”, “qwerty”, “monkey” and “password.”

Obviously, insecure passwords open all sorts of security holes and create many (potentially very expensive) problems for an IT organization.

As we approach National Change Your Password Day on February 1st, let’s review 7 tips from the Spiceworks Community (and beyond) that will help ensure a good password strategy at work and at home.

Use this National Change Your Password Day as an opportunity to change some of your insecure passwords and to encourage your friends and end users to do the same.

If they think that they can stick with "123456" and remain secure, gently remind them of the dozens of major security breaches that have occurred in the past year and the amount of pain they are in for if their information is compromised.

Remember, an ounce of prevention is worth a pound of cure, and you can never be too secure (there I go again with the clichés). If your users don't know where to start, send them to this how-to on how to create good passwords.

Are you already following these steps both at home and at work? Do you have any additional tips or tricks to share? Had you even heard of National Change Your Password Day before?

Does anyone know of a good xkcd generator site or program? I'm tired of trying to think of passwords to assign. We have been assigning them because, well, you know users. Monkey, password1, 12345 and the like. We will migrate this year to xkcd types of passwords but for now, we still assign them.

How ironic. I know someone who used "monkey" for years for a Yahoo account, then it was hit just recently. Had no idea that would have been one of the frequently used words. At least toss in a number or a capital letter somewhere in that!

Use 1 capital letter in your password like this: ("password" is just an example, obviously don't use this)

Password

or even better:

passworD

Another good security feature is to have a different password for every website. This might be hard to remember, but here is a good tip: at the end of the password put in the first letter of the website the password is for, e.g.:

There is a school of thought that says this is a colossal waste of time, the thought being that passwords are not brute-forced, they are sniffed.

I am on the fence, but I like Rambler's idea of throwing some arithmetic into the password. I try to get users to put easily referenced, but hard to remember, numbers into their passwords. For example, the first 5 decimal places of pi or e.

Or I might ask a user to think of her favorite child and do the arithmetic on the birthday. If the boy was 7 years old today, the quotient of the terms in his birthday, 1/30/07, would be 0.00476190476190476190

Or do the arithmetic on a home phone number from your childhood: 555-221-5843 = -5509

"SplashData's top 25 list was compiled from files containing millions of stolen passwords posted online during the previous year. The company advises consumers or businesses using any of the passwords on the list to change them immediately."

You are putting a lot of faith in the users - and even more in their math skills. I've spent 25+ years in this business and I have lost my faith in the end user to create a secure password that they will remember and not write on a post-it or tell 'Employee X'. They all know about hacking and ID theft etc. etc. But they still create passwords like the list above. They are getting better I think - slowly - but I still shake my head. When they are forced by a template to make a password that meets your company's specifications at least their hand is forced to make a good password.

Does anyone know of a good xkcd generator site or program? I'm tired of trying to think of passwords to assign. We have been assigning them because, well, you know users. Monkey, password1, 12345 and the like. We will migrate this year to xkcd types of passwords but for now, we still assign them.

TF

http://correcthorsebatterystaple.net is a good one. I've started using this when new users and/or password resets are required. Gets a good laugh when you send passwords out too!

Edit: also, in addition to following that schema, the site allows you to append numbers and symbols into the password in order to meet most password requirements.
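
For admins who assign passwords, as asked above, here is an added example (not part of the thread and not the code behind correcthorsebatterystaple.net) of an xkcd-style generator that appends a digit and a symbol to meet typical complexity rules, estimates the resulting entropy, and screens user-chosen passwords against the common ones named on this page. The word list, symbol set and function names are assumptions made for the example; the 32-word list is constructed so the block runs offline.

```python
import math
import secrets

# Common passwords named on this page (article and comments).
COMMON = {"123456", "12345", "letmein", "iloveyou", "qwerty",
          "monkey", "password", "password1"}

# Constructed 32-word sample list so the block runs offline. Real use needs a
# large list (for example the 7776-word EFF long list) loaded from a file.
SAMPLE_WORDS = (
    "anchor basket candle desert engine falcon garden harbor "
    "island jacket kettle ladder magnet napkin orange pencil "
    "quartz ribbon saddle tunnel umpire velvet walnut yellow "
    "zipper bridge copper dinner forest hammer marble pocket"
).split()

SYMBOLS = "!@#$%&*?"  # assumed symbol set for the example


def generate(words=SAMPLE_WORDS, count=4, sep="-", add_digit=True, add_symbol=True):
    """Return an xkcd-style passphrase drawn with the OS CSPRNG."""
    parts = [secrets.choice(words) for _ in range(count)]
    parts[0] = parts[0].capitalize()  # fixed position: satisfies policy, adds no entropy
    phrase = sep.join(parts)
    if add_digit:
        phrase += str(secrets.randbelow(10))
    if add_symbol:
        phrase += secrets.choice(SYMBOLS)
    return phrase


def entropy_bits(list_size, count=4, add_digit=True, add_symbol=True):
    """Entropy in bits, assuming the attacker knows the word list and the scheme."""
    bits = count * math.log2(list_size)
    if add_digit:
        bits += math.log2(10)
    if add_symbol:
        bits += math.log2(len(SYMBOLS))
    return bits


def is_common(password):
    """Screen a user-chosen password against the common list, ignoring case."""
    return password.lower() in COMMON


if __name__ == "__main__":
    print(generate(), f"({entropy_bits(len(SAMPLE_WORDS)):.1f} bits with the sample list)")
    print(f"{entropy_bits(7776):.1f} bits with a 7776-word list")
```

With the 32-word sample list a four-word passphrase carries only about 26 bits, while the same scheme over a 7776-word list gives about 58 bits, so the size of the word list matters far more than the appended digit and symbol.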